A few years ago I was headed into a meeting with the president of a critical infrastructure provider when I saw and photographed a picture of a yellow Post-it note with the user name a password written on it.
As with most people reading this blog I was angered that this could happen in 2007 after all the efforts and training that had occurred to increase the level of user security awareness. Here we are some 5 years later and I am sorry to say we have not made that much progress.
Last week, while at a client site I became aware of an incident that rivals the insanity of the yellow Post-it note on the display. A user was having issues with their laptop and it could not be fixed remotely. The IT department scheduled a time for the user to turn over the laptop so the problem could be addressed and returned to the user that same day. When the laptop was collected and taken to the IT department upon inspection they immediately notified the security department. The issue? The user had taken a black indelible marker and had written their user name and password along side of the touch pad below the keyboard.
This was a well educated professional you would think knows better. Obviously not! It is no wonder why cybersecurity professionals are so irritated, and in some cases just throw their hands up in frustration. I am at that point myself.
Two weeks from now will be my last weekly posting here on the Breaking Gov Cyber Intelligence blog. I am sure I will check in and post something from time to time. I would like to thank all of you who have followed this blog, contacted me, and shared your insights, as well as provided addition information relating to the topics we covered on here.